What is Port Forwarding?

How does Port Forwarding work?

Last week I explained that in One-to-One NAT, the firewall creates and uses a static translation table to forward traffic between the internal (private) IP address and the external (public) IP address.

Port Forwarding works differently from One-to-One NAT: its static address translation table forwards individual ports, so one or more ports can be sent to a device or devices that share the same external IP address.

Notice that we are using only one external IP address and we are hosting two servers in our LAN.

Inbound Internet traffic coming to IP address 8.1.4.20 on port 80 will be forwarded to the web server 192.168.1.21.

Inbound Internet traffic coming to IP address 8.1.4.20 on ports 25 or 100 will be forwarded to the email server 192.168.1.22.

Outbound traffic to the Internet leaving from IP address 192.168.1.21 or 192.168.1.22 will be seen by devices on the outside as coming from the IP address 8.1.4.20.

Using Port Forwarding

Port Forwarding is commonly employed when a server in a private IP address range needs to be accessible to users on the Internet and only a port or a number of ports should be visible from the outside. It is important to note that we must assign a fixed IP address to the server that will be using port forwarding.

The picture above shows a firewall that is doing port forwarding to a web server hosting WordPress. In this example, “FIOS address” is an alias for a public IP address set up on the firewall.

Port Forwarding is also a great solution for environments where the number of available public IP addresses is limited. It allows several servers to be hosted using one public IP address. Keep in mind that you may not forward the same port or range of ports to more than one server sharing the same public IP address.
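The translation table from the two-server example and the one-port-one-server rule above can be modeled in a few lines. This is an added example, not code from the original article or from any firewall product; the class and function names are hypothetical, and it assumes TCP and that each internal port equals the external port, which the article does not specify.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    ext_ip: str        # public address on the firewall
    ext_port: int      # port exposed to the Internet
    int_ip: str        # fixed private address of the server
    int_port: int      # port the server listens on (assumed same as ext_port)
    proto: str = "tcp" # assumption: the article does not name a protocol

class PortForwardTable:
    """Static translation table keyed by (protocol, external IP, external port)."""
    def __init__(self):
        self._rules = {}

    def add(self, rule):
        # Reject a second server on a port that is already forwarded.
        key = (rule.proto, rule.ext_ip, rule.ext_port)
        existing = self._rules.get(key)
        if existing is not None and existing != rule:
            raise ValueError(
                f"{key} is already forwarded to {existing.int_ip}:{existing.int_port}")
        self._rules[key] = rule

    def inbound(self, proto, dst_ip, dst_port):
        """Return (internal IP, port), or None when no rule matches (not forwarded)."""
        rule = self._rules.get((proto, dst_ip, dst_port))
        return (rule.int_ip, rule.int_port) if rule else None

    def outbound_source(self, src_ip):
        """Public address outside hosts see for a forwarded server; None if not in the table."""
        for rule in self._rules.values():
            if rule.int_ip == src_ip:
                return rule.ext_ip
        return None

    def exposed(self):
        """Everything reachable from outside, sorted, for a quick exposure review."""
        return sorted((r.proto, r.ext_port, r.int_ip) for r in self._rules.values())

def build_example_table():
    # Addresses and ports are the ones used in the article's example.
    table = PortForwardTable()
    table.add(Forward("8.1.4.20", 80, "192.168.1.21", 80))    # web server
    table.add(Forward("8.1.4.20", 25, "192.168.1.22", 25))    # email server
    table.add(Forward("8.1.4.20", 100, "192.168.1.22", 100))  # email server
    return table
```

Calling `exposed()` on the table gives the complete list of ports an outside host can reach, which is the list to review whenever a forward is added.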

Resource List

Below is a list of links to important concepts and information that you should be familiar with.